Guidance for a Non-Custodial Ethereum and Bitcoin Wallet Interface on AWS

Overview

This Guidance helps you create an Ethereum and Bitcoin web-based wallet application without having to manage blockchain infrastructure. The wallet application will provide application users with a way to view historical transactions, current token balances, portfolio holdings, and more. By deploying this Guidance, you can reduce the undifferentiated administrative load required to implement a non-custodial wallet interface for Ethereum-compatible blockchains, complete with a portfolio tracker and transaction history features. 

How it works

These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

AWS Amplify Hosting hosts the static webpage for the Ethereum wallet interface, and it provides built-in continuous integration and continuous delivery (CI/CD) tools to incorporate and deploy changes to the web interface as code is committed.

Read the Operational Excellence whitepaper 

You can configure an Amazon Cognito Identity Pool for guest access (unauthenticated identities) to allow users of the web app to use Managed Blockchain services without creating an account. Using the Cognito Identity Pool basic (classic) authflow, the web application makes GetId and GetOpenIdToken requests to the Amazon Cognito API and receives an OAuth 2.0 token for each unauthenticated identity. The web application exchanges the OAuth 2.0 token for AWS API credentials by making an AssumeRoleWithWebIdentity API request to the AWS Security Token Service (STS) API and providing the Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that grants permission to Managed Blockchain.

Note that by enabling guest access with Amazon Cognito Identity Pools, you are opening up your Amazon Managed Blockchain services to the public to create a wallet experience that does not require a user account. You could alternatively build authentication into your app using Amazon Cognito User Pools and Amazon Cognito Identity Pools, which would restrict access to registered users. The web application can use the Amplify JavaScript libraries to prompt users to create an account and sign in before obtaining AWS API credentials for Amazon Managed Blockchain.
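The three-call guest flow described above (GetId, GetOpenIdToken, AssumeRoleWithWebIdentity), as an added example that is not part of the Guidance or its sample code. It is written against an injected `api` object so it runs offline; the in-memory fake below stands in for the Cognito Identity and STS endpoints, and the pool ID and role ARN are placeholders.

```javascript
// Added example, not code from the AWS Guidance. In the real web app each `api`
// method would wrap the AWS SDK v3 command of the same name (GetIdCommand,
// GetOpenIdTokenCommand, AssumeRoleWithWebIdentityCommand) and be awaited;
// the ordering and the checks between the calls are what this block shows.

// Constructed configuration: the pool ID and role ARN are placeholders.
const GUEST_CONFIG = {
  identityPoolId: "us-east-1:00000000-0000-0000-0000-000000000000",
  roleArn: "arn:aws:iam::123456789012:role/PLACEHOLDER-GuestManagedBlockchainRole",
  sessionName: "wallet-guest",
};

function getGuestCredentials(api, cfg) {
  // 1. GetId: no Logins map is sent, so the pool must allow unauthenticated identities.
  const { IdentityId } = api.getId({ IdentityPoolId: cfg.identityPoolId });
  if (!IdentityId) throw new Error("GetId returned no IdentityId");
  // 2. GetOpenIdToken: short-lived OpenID token bound to that identity.
  const tok = api.getOpenIdToken({ IdentityId });
  if (tok.IdentityId !== IdentityId || !tok.Token) throw new Error("bad GetOpenIdToken response");
  // 3. AssumeRoleWithWebIdentity: the guest role's permissions policy, plus its trust
  // policy condition cognito-identity.amazonaws.com:amr = "unauthenticated", are all
  // that limit what an anonymous visitor can do with these credentials.
  const { Credentials: c = {} } = api.assumeRoleWithWebIdentity({
    RoleArn: cfg.roleArn, RoleSessionName: cfg.sessionName, WebIdentityToken: tok.Token,
  });
  if (!c.AccessKeyId || !c.SecretAccessKey || !c.SessionToken || !c.Expiration)
    throw new Error("incomplete temporary credentials");
  if (new Date(c.Expiration).getTime() <= Date.now()) throw new Error("credentials already expired");
  return { identityId: IdentityId, credentials: c };
}

// Constructed in-memory stand-in for the Cognito Identity and STS APIs. It records the
// call order and only accepts tokens it issued itself, so the flow can be exercised offline.
function makeFakeApi() {
  const calls = [], issued = new Set();
  const expiry = () => new Date(Date.now() + 3600e3).toISOString();
  return {
    calls,
    getId: ({ IdentityPoolId }) => { calls.push("GetId"); return { IdentityId: `${IdentityPoolId.split(":")[0]}:guest-0001` }; },
    getOpenIdToken: ({ IdentityId }) => { calls.push("GetOpenIdToken"); const Token = `fake.oidc.${IdentityId}`; issued.add(Token); return { IdentityId, Token }; },
    assumeRoleWithWebIdentity: ({ WebIdentityToken }) => {
      calls.push("AssumeRoleWithWebIdentity");
      if (!issued.has(WebIdentityToken)) throw new Error("InvalidIdentityToken");
      return { Credentials: { AccessKeyId: "ASIAFAKEKEY", SecretAccessKey: "fake", SessionToken: "fake", Expiration: expiry() } };
    },
  };
}
```

Because the guest identity never authenticates, the IAM role named in `roleArn` should grant only the Managed Blockchain Query and Access actions the wallet page actually needs.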

Read the Security whitepaper 

This non-custodial wallet interface relies on highly-available APIs and fully-managed blockchain node infrastructure services offered by Managed Blockchain.

Read the Reliability whitepaper 

Managed Blockchain makes it easy for customers to access public blockchain networks like Ethereum and query token balances for a given user address. For a digital wallet interface, Managed Blockchain Access provides fully-managed Ethereum full nodes to broadcast transactions. Managed Blockchain Query provides APIs to query token balances and transaction history and populate the wallet interface with information about a user’s digital asset balances and transactions.

Read the Performance Efficiency whitepaper 

Managed Blockchain Query offers serverless query APIs for public blockchain data, serving critical data for the web wallet interface. These APIs scale with user demand and do not have any minimum resource requirements.

Read the Cost Optimization whitepaper 

Managed Blockchain Query APIs are designed to scale with your needs, allowing you to query public blockchain data at the volume that suits your workload without managing underlying blockchain infrastructure. By maximizing the use of managed services such as Amplify Hosting and Managed Blockchain, customers are not required to provision any self-managed hardware to deploy this workload.

Read the Sustainability whitepaper 

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.